Effective 1 May 2025

Privacy Policy

Profit Guard by Defyn Digital.

1. Overview

Profit Guard ("Profit Guard", "we", "us", or "our") is a Shopify application built and operated by Defyn Digital. This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information when you install and use Profit Guard from the Shopify App Store. By installing Profit Guard, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

Merchant data. When you install Profit Guard, we collect and store:

• Shop domain, to identify your store and associate your data.
• Access token, to make authenticated API calls on your behalf (stored securely in our database).
• Order data: order IDs, order numbers, line-item prices, quantities, shipping amounts, and discount totals from your Shopify store. We use this to calculate profit margins. We do not store full customer names, addresses, or payment details.
• Cost configuration: the payment fee percentages, default COGS ratios, shipping cost defaults, and profit threshold you configure inside the app.

Customer data. We do not collect, store, or process personal information about your customers (names, email addresses, phone numbers, physical addresses, payment card data). Our profit calculations use only financial line-item figures (prices, quantities, discounts), not the identities of the people who placed those orders.

Usage data. We may collect anonymised usage logs (for example, which pages you visit inside the embedded app) solely for debugging and performance monitoring.

3. How We Use Your Information

• Calculate real-time profit margins for your orders.
• Store profit breakdowns so you can view them in the dashboard.
• Apply order tags in your Shopify admin when flagged orders are detected (if enabled).
• Maintain your cost configuration settings between sessions.
• Respond to your support requests.
• Improve the app based on aggregated, anonymised usage patterns.

We do not sell, rent, or share your data with third parties for marketing purposes.

4. Data Storage and Security

Your data is stored in a PostgreSQL database hosted on Neon (neon.tech), located in the Asia-Pacific (Sydney) region. The connection is encrypted via TLS. Access to the database is restricted to the Profit Guard application only. Shopify access tokens are stored encrypted at rest. We apply Shopify's recommended security practices for embedded apps, including HMAC verification for all webhook payloads. While we implement industry-standard security measures, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

5. Data Retention

We retain your order profit records and cost configuration for as long as your store has Profit Guard installed. When you uninstall the app, we receive a Shopify app/uninstalled webhook and delete your access token immediately. Under Shopify's GDPR compliance process, we also respond to shop/redact webhooks by permanently deleting all remaining store data within 48 hours of uninstallation.

6. GDPR and Your Rights

If you are located in the European Economic Area (EEA), you have certain data protection rights under GDPR. Because we do not store personal customer data, most GDPR rights (access, portability, erasure) apply primarily to your merchant account data rather than your customers' data. You have the right to:

• Access: request a copy of the data we hold about your store.
• Correction: request that inaccurate data be corrected.
• Erasure: request deletion of your store data (uninstalling the app triggers this automatically).
• Portability: request your data in a machine-readable format.

To exercise any of these rights, email us at dan@defyn.com.au. We will respond within 30 days. Shopify also processes your store data as a data controller. Please review Shopify's Privacy Policy for information about how they handle your data.

7. Third-Party Services

Profit Guard uses the following third-party services to operate:

• Vercel, application hosting (vercel.com). Data may transit through Vercel's infrastructure.
• Neon, PostgreSQL database hosting (neon.tech). Your store data is stored on Neon's servers.
• Shopify, the platform that provides OAuth, webhooks, and the embedded app framework.

Each of these services maintains its own privacy policy and security practices. We choose providers that meet or exceed industry-standard security requirements.

8. Cookies

Profit Guard is an embedded Shopify app and does not set first-party cookies in merchants' storefronts. Shopify's App Bridge may use session tokens for authentication purposes within the embedded admin frame. We do not use tracking or advertising cookies inside the app. This marketing site (getprofitguard.com) uses Google Tag Manager for anonymised analytics.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by updating the "Effective" date at the top of this page and, where appropriate, by sending a notice through the Shopify admin. Continued use of Profit Guard after changes constitutes acceptance of the updated policy.

10. Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please contact us:

Defyn Digital
Email: dan@defyn.com.au
App: Profit Guard on the Shopify App Store